Open Source Tool of the Month: GnuPG! - It’s the new year! To start it off right, LinuxSecurity.com presents January’s Open Source Tool of the Month: GnuPG!
Encryption is one of the main pillars of security, and GnuPG is a robust and flexible tool with great functionality that is fully GPL Licensed. And since it just celebrated its landmark 10th Anniversary, it was an easy choice for our tool of the month.
Ten years is a long time in the open source community; a very long time. Lasting a decade, especially in these years of open source development, is nothing short of remarkable. And like all great open source projects, it came from humble beginnings - it was initiated by Werner Koch from Germany as a way to encrypt data without relying on restricted patents (namely RSA and IDEA). Why?
Back in 1999 Richard Stallman was interested in pursuing a PGP replacement after existing patents had run out and had decided to turn to European developers...
Master's Student: A Quick and Dirty Guide To Kernel Hardening with GrSecurity - Our resident Master's student Gian Spicuzza chimes in this month with a great feature HowTo on Kernel Hardening! There are a number of ways to lock down a system, and RBAC (role based access control) is one of them. Read on to learn more about what makes RBAC so useful, and to read one of the best overviews on Low/Medium/High Security... The combination of the Linux kernel and GNU packages has always been regarded as a secure operating system, but can it be more secure? Kernel hardening is the answer to tightening up the Linux backbone. GrSecurity, a kernel patch for Linux, is one of the more popular approaches...
One of the most significant features is the addition of a role-based access control system (RBAC) that monitors what each user can execute based on their role and denies execution if they overstep their pre-defined rules.

EnGarde Secure Community v3.0.18 Now Available! (Dec 4)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.18 (Version 3.0, Release 18). This release includes the brand new Health Center, new packages for FWKNOP and PSAD, updated packages and bug fixes, some feature enhancements to Guardian Digital WebTool and the SELinux policy, as well as other new features.
In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database and e-mail security, integrated intrusion detection and SELinux policies and more. http://www.linuxsecurity.com/content/view/131851

Debian: New openafs packages fix denial of service vulnerability (Jan 10)
A race condition in the OpenAFS fileserver allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock. http://www.linuxsecurity.com/content/view/133088

Debian: New dovecot packages fix information disclosure (Jan 9)
It was discovered that Dovecot, a POP3 and IMAP server, only when used with LDAP authentication and a base that contains variables, could allow a user to log in to the account of another user with the same password. http://www.linuxsecurity.com/content/view/133080

Debian: New fail2ban packages fix denial of service (Jan 9)
Daniel B. Cid discovered that fail2ban, a tool to block IP addresses that cause login failures, is too liberal about parsing SSH log files, allowing an attacker to block any IP address. http://www.linuxsecurity.com/content/view/133079

Debian: New libarchive1 packages fix several problems (Jan 8)
It was discovered that libarchive1 would miscompute the length of a buffer resulting in a buffer overflow if yet another type of corruption occurred in a pax extension header. http://www.linuxsecurity.com/content/view/133067

Debian: New freetype packages fix arbitrary code execution (Jan 7)
Greg MacManus discovered an integer overflow in the font handling of libfreetype, a FreeType 2 font engine, which might lead to denial of service or possibly the execution of arbitrary code if a user is tricked into opening a malformed font. http://www.linuxsecurity.com/content/view/133061

Debian: New tomcat5 packages fix several vulnerabilities (Jan 7)
It was discovered that single quotes (') in cookies were treated as a delimiter, which could lead to an information leak. http://www.linuxsecurity.com/content/view/133060

Debian: New wzdftpd packages fix denial of service (Jan 6)
"k1tk4t" discovered that wzdftpd, a portable, modular, small and efficient ftp server, did not correctly handle the receipt of long usernames. This could allow remote users to cause the daemon to exit. http://www.linuxsecurity.com/content/view/132912

Debian: New mysql-dfsg-5.0 packages fix several (Jan 6)
Several local/remote vulnerabilities have been discovered in the MySQL database server. It was discovered that privilege validation for the source table of CREATE TABLE LIKE statements was insufficiently enforced, which might lead to information disclosure. This is only exploitable by authenticated users. http://www.linuxsecurity.com/content/view/132911

Fedora 8 Update: rsyslog-1.19.11-3.fc8 (Jan 6)
fixed a potential race condition with enqueueMsg(), it may fix (#384341) http://www.linuxsecurity.com/content/view/133050

Gentoo: Xfce Multiple vulnerabilities (Jan 9)
Multiple vulnerabilities in Xfce might allow user-assisted attackers to execute arbitrary code. http://www.linuxsecurity.com/content/view/133083

Gentoo: unp Arbitrary command execution (Jan 8)
unp allows execution of arbitrary code via malicious file names. A remote attacker could entice a user or automated system to unpack a compressed archive with a specially crafted file name, leading to the execution of shell commands from within the filename. That code will be executed with the privileges of the user running unp. http://www.linuxsecurity.com/content/view/133068

Mandriva: Updated kernel packages fix multiple (Jan 11)
Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: The CIFS filesystem, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges. (CVE-2007-3740) http://www.linuxsecurity.com/content/view/133106

Mandriva: Updated e2fsprogs packages fix incorrect (Jan 11)
An incorrect Requires was added to the e2fsprogs package that prevented it from being installed properly on a system with both 32bit and 64bit update media configured. This update corrects the Requires, allowing the package to be installed properly. http://www.linuxsecurity.com/content/view/133091

Mandriva: Updated exiv2 packages fix vulnerability (Jan 10)
An integer overflow in the Exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow. The updated packages have been patched to correct these issues. http://www.linuxsecurity.com/content/view/133087

Mandriva: Updated libexif packages fix multiple (Jan 9)
An infinite recursion flaw was found in the way that libexif parses Exif image tags. A carefully crafted Exif image file opened by an application linked against libexif could cause the application to crash. http://www.linuxsecurity.com/content/view/133081

Mandriva: Updated postgresql packages fix denial of service (Jan 9)
Index Functions Privilege Escalation (CVE-2007-6600): as a unique feature, PostgreSQL allows users to create indexes on the results of user-defined functions, known as expression indexes. This provided two vulnerabilities to privilege escalation: (1) index functions were executed as the superuser and not the table owner during VACUUM and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were permitted within index functions. http://www.linuxsecurity.com/content/view/133076

Mandriva: Updated postgresql packages fix denial of service (Jan 9)
Index Functions Privilege Escalation (CVE-2007-6600): as a unique feature, PostgreSQL allows users to create indexes on the results of user-defined functions, known as expression indexes. This provided two vulnerabilities to privilege escalation: (1) index functions were executed as the superuser and not the table owner during VACUUM and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were http://www.linuxsecurity.com/content/view/133074

Mandriva: Updated gcc packages fix minor bug (Jan 9)
The version of gcc as shipped with Corporate Server 4 suffered from an optimization bug that would lead to bad code generation. A side-effect of this bug is that some packages, such as the recently-released ClamAV update, would no longer compile properly. This update uses an upstream patch to correct the problem. http://www.linuxsecurity.com/content/view/133073

Mandriva: Updated clamav packages fix multiple (Jan 9)
An integer overflow vulnerability was reported by iDefense with clamav when parsing Portable Executable (PE) files packed in the MEW format. This could be exploited to cause a heap-based buffer overflow (CVE-2007-6335). http://www.linuxsecurity.com/content/view/133072

Mandriva: Updated wireshark packages fix multiple (Jan 8)
A number of vulnerabilities in the Wireshark program were found that could cause crashes, excessive looping, or arbitrary code execution. This update provides Wireshark 0.99.7 which is not vulnerable to these issues. http://www.linuxsecurity.com/content/view/133063

Ubuntu: Dovecot vulnerability (Jan 10)
It was discovered that in very rare configurations using LDAP, Dovecot may reuse cached connections for users with the same password. As a result, a user may be able to log in as another if the connection is reused. The default Ubuntu configuration of Dovecot was not vulnerable. http://www.linuxsecurity.com/content/view/133090

Ubuntu: OpenSSH vulnerability (Jan 9)
Jan Pechanec discovered that ssh would forward trusted X11 cookies when untrusted cookie generation failed. This could lead to unintended privileges being forwarded to a remote host. http://www.linuxsecurity.com/content/view/133084

Ubuntu: Squid vulnerability (Jan 9)
It was discovered that Squid did not always clean up cache memory correctly. A remote attacker could manipulate cache update replies and cause Squid to use all available memory, leading to a denial of service. http://www.linuxsecurity.com/content/view/133082

Ubuntu: Net-SNMP vulnerability (Jan 9)
Bill Trost discovered that snmpd did not properly limit GETBULK requests. A remote attacker could specify a large number of max-repetitions and cause a denial of service via resource exhaustion. http://www.linuxsecurity.com/content/view/133075

Ubuntu: CUPS vulnerabilities (Jan 9)
Wei Wang discovered that the SNMP discovery backend did not correctly calculate the length of strings. If a user were tricked into scanning for printers, a remote attacker could send a specially crafted packet and possibly execute arbitrary code. http://www.linuxsecurity.com/content/view/133069

Ubuntu: pwlib vulnerability (Jan 9)
Jose Miguel Esparza discovered that pwlib did not correctly handle large string lengths. A remote attacker could send specially crafted packets to applications linked against pwlib (e.g. Ekiga) causing them to crash, leading to a denial of service. http://www.linuxsecurity.com/content/view/133070

Ubuntu: opal vulnerability (Jan 9)
Jose Miguel Esparza discovered that certain SIP headers were not correctly validated. A remote attacker could send a specially crafted packet to an application linked against opal (e.g. Ekiga) causing it to crash, leading to a denial of service. http://www.linuxsecurity.com/content/view/133071

Ubuntu: Tomboy vulnerability (Jan 7)
Jan Oravec discovered that Tomboy did not properly set up the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. http://www.linuxsecurity.com/content/view/133062